CVE-2021-43789

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-43789
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43789.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-43789
Aliases
Published
2021-12-07T17:15:10Z
Modified
2024-10-12T08:37:10.622400Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

PrestaShop is an Open Source e-commerce web application. Versions of PrestaShop prior to 1.7.8.2 are vulnerable to blind SQL injection using search filters with orderBy and sortOrder parameters. The problem is fixed in version 1.7.8.2.

References

Affected packages

Git / github.com/prestashop/prestashop

Affected ranges

Type
GIT
Repo
https://github.com/prestashop/prestashop
Events

Affected versions

1.*

1.7.5.0
1.7.5.1
1.7.6.0
1.7.6.0-beta.1
1.7.6.0-rc.1
1.7.6.0-rc.2
1.7.6.1
1.7.6.2
1.7.6.3
1.7.6.4
1.7.6.5
1.7.6.6
1.7.6.7
1.7.6.8
1.7.6.9
1.7.7.0
1.7.7.0-beta.1
1.7.7.0-beta.2
1.7.7.0-rc.1
1.7.7.1
1.7.7.2
1.7.7.3
1.7.7.4
1.7.7.5
1.7.7.6
1.7.7.7
1.7.7.8
1.7.8.0
1.7.8.0-beta.1
1.7.8.0-rc.1
1.7.8.1